Re: [Clamav-users] Default clamscan tmp dir & custom uid/gid set during configure

2007-09-22 Thread Dennis Peterson
Bill Landry wrote: > > And this works even with the clamav and amavis users and groups > removed. I'll be updating and testing my script and will release an > updated version soon. Thanks everyone for the feedback, I think all of > this shows that the issue appears to be with access to /dev/nul

Re: [Clamav-users] Default clamscan tmp dir & custom uid/gid set during configure

2007-09-22 Thread Dennis Peterson
Bill Landry wrote: > In a default configure (simply "./configure" without any config options > set) and build of clamav, what temporary directory does clamav use by > default - that is, the temporary directory that can be overridden with > the following clamscan flag?: > Poking around in the code

Re: [Clamav-users] clamd problem

2007-09-23 Thread Dennis Peterson
Matthias Schmidt wrote: > Hello, > > I have a little problem with clamd: > the process terminates, because: > Socket file /tmp/clamd is in use by another process. > > now I have no clue, which other process could use the socket file from clamd. > I set the permissions to 777 on the end, but didn'

Re: [Clamav-users] Logging to /var/spool/mail/root

2007-09-24 Thread Dennis Peterson
McGlynn, Sean (DOB) wrote: > Hello, > > The /var/spool/mail/root log files on our servers are logging every file > that clamav scans, causing the files to become huge. I don't see what > in our clamd.conf configuration files would be causing this. Our > configuration file follows - any help wou

Re: [Clamav-users] Logging to /var/spool/mail/root

2007-09-24 Thread Dennis Peterson
Dennis Peterson wrote: > McGlynn, Sean (DOB) wrote: >> Hello, >> >> The /var/spool/mail/root log files on our servers are logging every file >> that clamav scans, causing the files to become huge. I don't see what >> in our clamd.conf configura

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Bill Landry wrote: > Bill Landry wrote: >> After a discussion on the clamav-users list yesterday of an issue a >> couple of script users were experiencing with write access to the >> temporary directory, I made a change to the script to overcome this >> issue. There are also a couple of other scri

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Jan-Pieter Cornet wrote: > On Tue, Sep 25, 2007 at 03:17:35PM -0700, Bill Landry wrote: >>> Epoch time: >>> perl -e 'print time() . "\n";' > > Golfed: > > perl -le print+time > > You can even leave the -l switch if used in ``, because the trailing > newline doesn't matter there. > It wouldn't

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Jan-Pieter Cornet wrote: > > So, TIMTOTDI squared (look ma', no perl!). This does the same as > date +%s too: > > echo|awk '{print systime()}' > But not in Solaris which is where the OP's original hack was born. You need gawk: echo|gawk '{print systime()}' My favorite absurd method in S

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Bill Landry wrote: > > Okay, let's try this again. A new update has been posted that will first try > "date +%s" and if that fails, then it will automatically fall back to a perl > option. I didn't update the version number, just the version info: You can rip out a lot of code (well, some code

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Kyle Lanclos wrote: > Dennis wrote: >> You can rip out a lot of code (well, some code) if you just use the Perl >> date method by default and forget the date +%s stuff entirely. > > Your mileage may vary. > > $ time perl -le print+time > > real0m0.002s > > $ time date +%s > > real0m0.

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Bill Landry wrote: > Dennis Peterson wrote the following on 9/25/2007 8:06 PM -0800: >> Bill Landry wrote: >> >> >>> Okay, let's try this again. A new update has been posted that will first >>> try >>> "date +%s" and if that fails

Re: [Clamav-users] Updated unofficial-sigs.sh script available

2007-09-25 Thread Dennis Peterson
Bill Landry wrote: > Dennis Peterson wrote the following on 9/25/2007 9:45 PM -0800: >> Also - if you do all your tests up front and discover you'll need to run >> multiple instances of perl you may find you can collect multiple code >> segments into a single execution

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Dennis Peterson
Christopher X. Candreva wrote: > On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote: > >> Yes, I'm periodically doing scans of the full drive. I could just skip >> the mysql directory, but that seems pretty bad security practice. > > Why does it seem that way to you ? > > I don't think scanni

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Dennis Peterson
Jon Wagoner - Red Cheetah wrote: > > Is there any way I can disable the check for Email.FreeGame? Is there any reason to suspect this file will ever contain a viable virus? If not then don't bother scanning it. Sorry I don't have an answer for your question. dp

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-09-28 Thread Dennis Peterson
Jon Wagoner - Red Cheetah wrote: >>> Yes, I'm periodically doing scans of the full drive. I could just >> skip >>> the mysql directory, but that seems pretty bad security practice. >> Why does it seem that way to you ? > > It appears clamav just does a substring match on the exclude, so it > woul

Re: [Clamav-users] clamd stuck at 100% cpu usage

2007-09-28 Thread Dennis Peterson
Jeff Thurston wrote: >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:clamav-users- >> [EMAIL PROTECTED] On Behalf Of Chris Adams >> Sent: Friday, September 28, 2007 11:48 AM >> To: 'ClamAV users ML' >> Subject: Re: [Clamav-users] clamd stuck at 100% cpu usage >> >> Once upon a time

Re: [Clamav-users] clamd stuck at 100% cpu usage

2007-09-28 Thread Dennis Peterson
Jeff Thurston wrote: > > Please forgive my ignorance, I don't use strace very much... > > I assume it is as simple as waiting for the process to get stuck at 100% > again, then 'strace -p ` and look for... what should I look for? Yes, pretty much it. You should probably also use the -f (follow)

Re: [Clamav-users] clamd stuck at 100% cpu usage

2007-09-28 Thread Dennis Peterson
Dennis Peterson wrote: > Jeff Thurston wrote: >>> -Original Message- >>> From: [EMAIL PROTECTED] [mailto:clamav-users- >>> [EMAIL PROTECTED] On Behalf Of Chris Adams >>> Sent: Friday, September 28, 2007 11:48 AM >>> To: 'ClamAV users M

Re: [Clamav-users] strace and threads (was Re: clamd stuck at 100% cpu usage)

2007-09-28 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: > >> Yes, pretty much it. You should probably also use the -f (follow) >> switch to see what the kids are doing, too. > > Does strace work well with POSIX threads on Linux? My impression was not, > but maybe my informa

Re: [Clamav-users] Getting line numbers

2007-10-01 Thread Dennis Peterson
Micah wrote: >> No and yes. But you can write a small script, perhaps even a long command, >> to >> do just that. >> - -- >> René Berber > > Sorry if I'm a bit thick...but how? > > How can I get ClamScan to tell me what line (for a text file) matched a > signature? > Or > How can I get ClamSca

Re: [Clamav-users] Getting line numbers

2007-10-01 Thread Dennis Peterson
Micah wrote: >> There are scripts on line you can download that will split your single file >> into >> individual files - each a complete message. These you scan one at a time. >> After >> you've found and dealt with the infected message(s) you reassemble the >> individual >> files into a single

Re: [Clamav-users] Getting line numbers

2007-10-01 Thread Dennis Peterson
Micah wrote: >>> http://www.clamav.org/support/faq/ (the 8th item in Miscellaneous) says: >> The entire process takes less than a minute here on a file of around 4g in >> size. >> >> dp >> > > Okay, so I used mb2md to convert the mbox to 1692 files and then ran the > scanner. Check this out: >

Re: [Clamav-users] Strange behavior of Clamav with HTML email from Outlook

2007-10-01 Thread Dennis Peterson
Chinh Nguyen Tam wrote: > Greetings, > > We've noticed some strange behavior of clamav in our email server for. > When we try to send some email (HTML format, Outlook 2003) with URL > inside, clamav detects these email as Email.Foolball-2 virus. If we send > the emails with the same URL in Thund

Re: [Clamav-users] Strange behavior of Clamav with HTML email from Outlook

2007-10-01 Thread Dennis Peterson
Chinh Nguyen Tam wrote: > Dennis Peterson wrote: >> Chinh Nguyen Tam wrote: >>> Greetings, >>> >>> We've noticed some strange behavior of clamav in our email server for. >>> When we try to send some email (HTML format, Outlook 2003) w

Re: [Clamav-users] Getting line numbers

2007-10-02 Thread Dennis Peterson
Nigel Horne wrote: > Run "clamscan --debug " and look for the message > Deal with message number > > -Nigel I have to say, that is about the worst way I've seen yet to nail down a positive as there is a lot of debris to wade through, and there's no indication in the output that a virus has b

Re: [Clamav-users] Getting line numbers

2007-10-02 Thread Dennis Peterson
Christoph Cordes wrote: > Am 02.10.2007 um 19:24 schrieb Dennis Peterson: > >> Can anyone offer a reason why the OP found a virus in the mbox file >> but not in the >> split out maildir messages? That kind of inconsistency is unsettling. > > Just read my reply

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Joao S Veiga wrote: > Hi, I was getting tons of these false positives (just reported&submitted a > sample). > > you can delete the line: > > Email.FreeGame:4:*:75626a6563743a{-30}(67|47)616d65*687474703a2f2f(31|32|33|34|35|36|37|38|39) > > from /var/lib/clamav/daily.inc/daily.ndb > > and it w

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Joao S Veiga wrote: > Hi John, > >> think long and hard about the combination of payments and entities which are >> reduced to using numeric IPs in URLs. I suspect my business goes elsewhere. > > Agreed :-), but the problem is (and what has caused most of my problems) that > if > you have an e

Re: [Clamav-users] false positive of Email.FreeGame on MySQL DB

2007-10-03 Thread Dennis Peterson
Bill Landry wrote: > Dennis Peterson wrote: >> Joao S Veiga wrote: >>> Hi John, >>> >>>> think long and hard about the combination of payments and entities which >>>> are >>>> reduced to using numeric IPs in URLs. I suspect my bu

Re: [Clamav-users] Getting line numbers

2007-10-03 Thread Dennis Peterson
Karsten Bräckelmann wrote: > On Tue, 2007-10-02 at 10:24 -0700, Dennis Peterson wrote: >> Can anyone offer a reason why the OP found a virus in the mbox file but not >> in the >> split out maildir messages? That kind of inconsistency is unsettling. > > Rather easy I

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-03 Thread Dennis Peterson
Karsten Bräckelmann wrote: > On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote: >> Karsten Bräckelmann wrote: > > Developers, read on. :) > >>> Somewhat simplified, the signature reads "Subject with the string game" >>> and "an IP sty

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-03 Thread Dennis Peterson
Tomasz Kojm wrote: > On Thu, 04 Oct 2007 00:47:02 +0200 > Karsten Bräckelmann <[EMAIL PROTECTED]> wrote: > >> On Wed, 2007-10-03 at 10:45 -0700, Dennis Peterson wrote: >>> Karsten Bräckelmann wrote: >> Developers, read on. :) >> >>>> Some

Re: [Clamav-users] Sanesecurity ndb add-on question.

2007-10-04 Thread Dennis Peterson
Kapp wrote: > Probably missing something obvious. Hope someone can kick me in the right > direction. > > using postfix/amavisd-new/spamassassin/clamd > > Yesterday I upgraded to the latest amavisd-new and spamassassin. > > Prior to the upgrade when clamd scanned the Eicar test and the > scam-sig

Re: [Clamav-users] Getting line numbers

2007-10-05 Thread Dennis Peterson
John W. Baxter wrote: > On 10/3/07 10:45 AM, "Dennis Peterson" <[EMAIL PROTECTED]> wrote: > >> Karsten Bräckelmann wrote: >>> On Tue, 2007-10-02 at 10:24 -0700, Dennis Peterson wrote: >>>> Can anyone offer a reason why the OP found a virus in

Re: [Clamav-users] RFC: Recognize mbox format

2007-10-08 Thread Dennis Peterson
Karsten Bräckelmann wrote: > On Wed, 2007-10-03 at 18:31 -0500, René Berber wrote: >> Karsten Bräckelmann wrote: > >>> Another downside of this approach, together with ClamAV treating mbox >>> format files as text/plain is, that only the first hit will be reported. >> That was made to improve perf

Re: [Clamav-users] Some question on freshclam

2007-10-12 Thread Dennis Peterson
Pieter wrote: > Hi, > > I saw indeed that this info is shown upon running freshclam. However I do > not want to trigger an update to the servers. I only want this info. Just > running freshclam will add more load to your pattern file servers which is > not needed in this case. Hence the request ..

Re: [Clamav-users] Some question on freshclam

2007-10-12 Thread Dennis Peterson
Pieter wrote: > Hi Dennis, > > Thanks. For this reply. Is it also possible to view the versions of the > local databases ? So not the version of those available at the mirrors? > (without grepping over the freshclam logfiles). > > Kind regards > Pieter If you have a daily.cvd file: sigtool --inf

Re: [Clamav-users] Does clamav protect against rootkits?

2007-10-14 Thread Dennis Peterson
Rob MacGregor wrote: > On 10/14/07, Aniruddha <[EMAIL PROTECTED]> wrote: >> Thanks for the answers, does anyone know this for sure? > > Quoting the ClamAV home page: > > ...designed especially for e-mail scanning on mail gateways. > > So no, it's not designed to detect rootkits. > I don't thin

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread Dennis Peterson
Sean McGlynn wrote: > Hello, > > I am testing clamscan, and running the following command: > > clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscanSPM > /home/justlgn/test/eicar.com > > The results indicate "can't open file," and that no infected files were > found. The cl

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread Dennis Peterson
Sean McGlynn wrote: > Dennis, > > Thank you for taking the time to reply. > > Yes, I am running the scan as root. > > Sean > > Is the home directory mounted? Dennis

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread Dennis Peterson
Dennis Peterson wrote: > Sean McGlynn wrote: >> Dennis, >> >> Thank you for taking the time to reply. >> >> Yes, I am running the scan as root. >> >> Sean >> >> > > Is the home directory mounted? > Should have said "NFS moun

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread Dennis Peterson
Sean McGlynn wrote: > The directory I am trying to scan is mounted, as is the directory to where I > want the infected files moved, if I am understanding your question. > > Thanks again. User root is frequently (and correctly) prohibited from deleting files from NFS mounted sources. There are m

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-16 Thread Dennis Peterson
Sean McGlynn wrote: > Just to be certain (It's not my first day with Linux, but I'm still > relatively new > to it), you mean NFS as in Network File System, as in mounting a remote file > system on the Linux server, correct? If correct, then no, NFS is not > involved. > Both the directory bei

Re: [Clamav-users] Hacktool.PCGI false positive? What to do?

2007-10-17 Thread Dennis Peterson
Jonathan Kamens wrote: > Greetings, > > Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd > version 4540 reported that an EXE on one of our servers was infected > with Hacktool.PCGI. This EXE came from a pretty reputable source, and > when I scanned the same file with Symante

Re: [Clamav-users] Vote for ClamAV as the best anti-malware solution

2007-10-23 Thread Dennis Peterson
Dean Brunson wrote: > I went there to cast a vote, too. I couldn't find any statement of how > they would use my e-mail address. I closed the window without voting. > Ditto - a data harvesting page if ever I've seen one. I think the least useful piece of info you can leave on that page is yo

Re: [Clamav-users] Recent viruses

2007-10-25 Thread Dennis Peterson
Gomes, Rich wrote: > I received some emails yesterday matching the following: > > Infected messages: > Email.Ecard-28: 2 Message(s) > Email.Phishing.RB-1804: 2 Message(s) > Email.Phishing.RB-1806: 2 Message(s) > > > I think these are ClamAV-specific names, how can I find out more det

Re: [Clamav-users] Recent viruses

2007-10-25 Thread Dennis Peterson
Gomes, Rich wrote: > Dennis, Thanks for the reply. I understand all of what you are saying, having > worked as a sysadmin for many years now. My issue is that even with most > vendors > using different naming conventions, they are "usually" cross-reference in any > technical info that is out there

Re: [Clamav-users] Vote for ClamAV as the best anti-malware solution

2007-10-26 Thread Dennis Peterson
Bowie Bailey wrote: > I found a privacy policy here: > > http://www.scmagazineus.com/PrivacyPolicy/ > > but I can't quite figure out what it is trying to say. > > Bowie > It says clearly they will provide, possibly for a fee, possibly not, all your information to their contacts list. In addit

Re: [Clamav-users] Vote for ClamAV as the best anti-malware solution

2007-10-26 Thread Dennis Peterson
Dave Warren wrote: > In message <[EMAIL PROTECTED]> Dennis Peterson > <[EMAIL PROTECTED]> wrote: > >> Question: Why is this called a "privacy statement" rather than "an invasion >> of >> privacy statement"? > > Just because th

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-10-29 Thread Dennis Peterson
John Rudd wrote: > John Rudd wrote: > >> I can produce 2 examples of messages that cause the problem, in RFC822 >> format, for anyone who wants to experiment with them. > > I decided I'd just go ahead and make them available: > > http://people.ucsc.edu/~jrudd/ClamAV/318642.mbox > > http://peop

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-10-29 Thread Dennis Peterson
David F. Skoll wrote: > Hello, > > A client of ours had a bunch of machines whose CPUs were maxed out > at 100% because of clam. Changing PhishingScanURLs to "no" from the > default "yes" dropped the load average from 70+ to about 3, and the > CPU usage from 100% to under 50%. This is under Linu

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-10-29 Thread Dennis Peterson
Joe Clements wrote: >> For what it is worth, Linux will only forge ahead in the market by >> improvements >> in 2 areas. One of them is security. I would like to see 1 security suite >> which >> has the capability to deal with ALL threats. Windows security has to have an >> anti virus, anti troj

Re: [Clamav-users] PhishingScanURLs is dreadfully slow/CPU-intensive

2007-10-29 Thread Dennis Peterson
Steve Holdoway wrote: >> I don't see where Linux is unique in this regard. I also don't see why the >> success of >> Linux is particularly important vs BSD, Solaris, Windows, etc. But I suppose >> that >> discussion is for another forum. >> > > I think the OP may be considering linux as a des

Re: [Clamav-users] Accurate subjects (was Re: PhishingScanURLs is dreadfully slow/CPU-intensive)

2007-11-12 Thread Dennis Peterson
Gerard Seibert wrote: > On Monday November 12, 2007 at 04:22:47 (PM) David F. Skoll wrote: > >> Really? All posters on this thread who gave an opinion wanted >> PhishingScanURLs off by default. I invite users who want >> PhishingScanURLs to be on by default to come forward; I'll happily go >> wi

Re: [Clamav-users] I need to refute a 'security expert'

2007-11-16 Thread Dennis Peterson
[EMAIL PROTECTED] wrote: > Hello all. > > We've had some consultant make the spurious claim that Clam AV only scans for > 'windows viruses' and is really only useful for 'scanning email'. > Despite the fact that I know this to be patently false, is there > documentation out there I can slap him

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-16 Thread Dennis Peterson
Gerard wrote: >> On November 16, 2007 at 10:14AM Christoph Cordes wrote: > >> So, what do you think - is this a solution that would work for the >> majority ? It would also be helpful - if this is a solution you could >> agree on - if you make suggestions what to include in the different >

Re: [Clamav-users] Clamav best practices: VMware Server

2007-11-17 Thread Dennis Peterson
Unai Rodriguez wrote: > Dear All, > > We are managing a set of servers running Debian plus VMware Server (free > version). All of them are pretty busy since each of them run several > VMware Virtual Servers. > > I am trying to come up with a way (aka Best Practice) of having all > these machin

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-19 Thread Dennis Peterson
David F. Skoll wrote: > Ian Eiloart wrote: > >>> Hold on here. Are you stating that you expect users to actually RTFM? I >>> think you are expecting way too much. > >> No, it's not. Not when the users are professional IT people. > > :-) I don't think we hang around the same "Professional IT peo

Re: [Clamav-users] Clamav best practices: VMware Server

2007-11-19 Thread Dennis Peterson
G.W. Haywood wrote: > Hi there, > > Of course we aren't considering here the case where you might be looking, > say, for vulnerable libraries compiled statically into random executables. > Debian has some patterns for this that are instructional - they are used for locating static versions of

Re: [Clamav-users] Clamav best practices: VMware Server

2007-11-19 Thread Dennis Peterson
Ian G Batten wrote: > On 18 Nov 07, at 0614, Dennis Peterson wrote: >> Have you considered scanning only files that have changed (md5sum >> difference, for >> example) since the last time they were scanned? There's no need to >> scan a file >> endles

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-19 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: > >> All of these problems are best discovered during the test stage in any event. > > Yes, but you know as well as anyone that you can't always simulate a > production environment in a test environment. We simply do

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-19 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: > >> That which you can't test you are obliged to understand. If you >> can't understand a thing because of time constraints, complexity, or >> inadequate documentation, then you turn it off until circumstances >

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-19 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: > >> They didn't turn it on and they didn't install it. They provided a >> sample config that is incapable of running and which requires >> administrative attention in order to use. What finally ends up >> ru

Re: [Clamav-users] I need to refute a 'security expert'

2007-11-19 Thread Dennis Peterson
Derick Centeno wrote: > > Hi Jim: > > For OS X the clamav engine works with the interface provided by > clamXav. You can take a look at that page here: > http://www.clamxav.com/ > > Whenever I'm in OS X, I never fail to be amazed at all the windows > virii, trojans and God knows what attem

Re: [Clamav-users] I need to refute a 'security expert'

2007-11-19 Thread Dennis Peterson
Gerard wrote: >> On November 19, 2007 at 11:43AM Dennis Peterson wrote: > >> Before the widespread use of Fusion and Parallels in the Mac this wasn't too >> much of >> a problem. Virtual machines have now made it more important to keep the OS X >> file &g

Re: [Clamav-users] Clamav best practices: VMware Server

2007-11-19 Thread Dennis Peterson
Ian G Batten wrote: > On 19 Nov 07, at 1228, G.W. Haywood wrote: > >> Hi there, >> >> On Mon, 19 Nov 2007 Ian G Batten wrote: >> >>> On 18 Nov 07, at 0614, Dennis Peterson wrote: >>>> Have you considered scanning only files that have changed (

Re: [Clamav-users] Unknown Signature

2007-11-19 Thread Dennis Peterson
Derick Centeno wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I'm sure that you're aware that you can also switch that function off > by merely commenting out those lines. My 0.91.2 sample clamd.conf file says: # With this option enabled ClamAV will try to detect phishing attempt

Re: [Clamav-users] Unknown Signature

2007-11-19 Thread Dennis Peterson
Noel Jones wrote: > >> To disable these heuristics based signatures in > >> clamd/clamdscan, set > >> PhishingScanURLs no > >> in clamd.conf and then stop/start clamd. > > > > Derick Centeno wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> I'm sure that you're aware that you c

Re: [Clamav-users] I need to refute a 'security expert'

2007-11-19 Thread Dennis Peterson
Derick Centeno wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Which is why my primary system is not OS X, but rather Yellow Dog > Linux (YDL)! This highlights the big gripe I have with Linux. You can't even talk about it without immediately indicating which vendor's Linux. It is

Re: [Clamav-users] ClamAV Vulnerability

2007-11-20 Thread Dennis Peterson
David F. Skoll wrote: > Tomasz Kojm wrote: > >> This is getting boring! > > I'm sorry you find it so. I actually find this to be exciting reading: > > http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=Clam%20Anti-Virus&version=&title=&CVE= > > Please, Clam dev

Re: [Clamav-users] Phishing feature defaults, naming, and 0.92

2007-11-21 Thread Dennis Peterson
Steve Wray wrote: > Christoph Cordes wrote: >> Hello, >> >> so in the end it boils down to this: >> >> - after a new release ClamAV should mimic the behavior of the >> preceding version by default unless it's a major release (.x0) or the >> user enabled possible new features explicitly. further

Re: [Clamav-users] Performance issues

2007-11-25 Thread Dennis Peterson
Sheikji Nazirudeen wrote: > Hello: > I am in the process of scanning HP and Sun servers. I am running into > issues wherein, it takes a long time for the scan to complete. Is there any > way apart from excluding certain file extensions to increase the speed. I > would be much interested in a soft

Re: [Clamav-users] I having problem about the installation.

2007-12-06 Thread Dennis Peterson
Dzek wrote: > Dear all, > > Anybody can help me on this, when I go to /var/lib/clamav/daily.inc/ there > is no file there. how do I copy one there. > > Thanks. You should have a tool that came with your clamav suite. Find and run clamconf and post the results here. Your configuration is broken.

Re: [Clamav-users] How to remove an infected file.

2007-12-10 Thread Dennis Peterson
Unai Rodriguez wrote: > Dear all, > > Let's imagine that while scanning the system ClamAV finds an infected file: > > file: virus FOUND > > What is the best way to remove it? > > 1) clamscan --remove file > > NOTE.- What if the files is *BIG*? Do I have to scan it again to remove it? > ---

Re: [Clamav-users] Clamd memory use

2007-12-10 Thread Dennis Peterson
Jeffrey Rice wrote: > Hello, > Is there any way to reduce/control the memory use of clamd? I'm running > a co-hosted VPS, so memory is at a premium. I have 256 Mb of RAM on the > machine, and clamd is taking 95Mb of virtual, and has a 65Mb resident > footprint! That seems excessive, to say th

Re: [Clamav-users] Clamd memory use

2007-12-11 Thread Dennis Peterson
Andrew McGlashan wrote: > Dennis Peterson wrote: >> You are running a very underpowered system for a virus scanner. That >> is the real shame. Memory is cheap even in third world nations - >> there is no reason an on-demand system like a virus scanner should be >> shac

Re: [Clamav-users] Clamd memory use

2007-12-11 Thread Dennis Peterson
Andrew McGlashan wrote: > Dennis Peterson wrote: >> I'd be real tempted to >> farm out this function to a capable server via tcp/ip connections. > > Okay thanks, is there any guides to farm out such connections to help? > I use Sendmail and a milter, J-Chkmail whi

Re: [Clamav-users] Clamd memory use

2007-12-11 Thread Dennis Peterson
Henrik Krohns wrote: > On Tue, Dec 11, 2007 at 06:55:09PM -0800, Dennis Peterson wrote: >> Andrew McGlashan wrote: >>> Dennis Peterson wrote: >>>> You are running a very underpowered system for a virus scanner. That >>>> is the real shame. Memory is chea

Re: [Clamav-users] Clamd memory use

2007-12-11 Thread Dennis Peterson
Henrik Krohns wrote: > On Tue, Dec 11, 2007 at 09:19:45PM -0800, Dennis Peterson wrote: >> The messages/hour is not a parameter one typically controls. Systems I build >> are >> build to handle estimated worst case loads. > > Maybe you can't "control"

Re: [Clamav-users] Clamd memory use

2007-12-11 Thread Dennis Peterson
Henrik Krohns wrote: > On Tue, Dec 11, 2007 at 09:53:54PM -0800, Dennis Peterson wrote: >> Henrik Krohns wrote: >>> On Tue, Dec 11, 2007 at 09:19:45PM -0800, Dennis Peterson wrote: >>>> The messages/hour is not a parameter one typically controls. Systems I >&g

Re: [Clamav-users] Documentation patch.

2007-12-14 Thread Dennis Peterson
Andrew McGlashan wrote: > Gerard wrote: >> I believe that it is worth mentioning, that the receiver of said >> messages must insure that they do not engage in the practice referred >> to as "backscatter". >> >> http://en.wikipedia.org/wiki/Backscatter#Backscatter_of_email_spam >> >> An improperly

Re: [Clamav-users] How to find infected file

2007-12-23 Thread Dennis Peterson
Baz wrote: > Hello, > > I installed ClamAV and ran a scan on my entire system returning a > report of one infected file. How do I find this file? I > Did you look in your log file? dp

Re: [Clamav-users] How to find infected file

2007-12-23 Thread Dennis Peterson
Baz wrote: > And where exactly is it? Do Linux developers intentionally make this > shit difficult and still bitch about Windows/Norton's dominance? Please crush with all your being any desire to top post. Apparently you've not read anything yet so a good place to start is the ClamAV Wiki. The

Re: [Clamav-users] How to find infected file

2007-12-23 Thread Dennis Peterson
Baz wrote: > Or this > # clamscan -r / > > Dave, keep that smug attitude going. It only helps M$. Thank God I > still have XP on another partition. > Despite the fact that you are a top posting whining asshat who has no sense of personal responsibility, it's Christmas so I'm not going to tell

Re: [Clamav-users] Email viruses almost non-existent?

2007-12-24 Thread Dennis Peterson
Paul Kosinski wrote: > In December 2006, we were running ClamAV 0.88.7, and there were still > a fair number of "real" viruses being detected in inbound email. Now > running 0.91.2 and 0.92, there seem to be only phishing attempts, and > not even very many of them. In fact it seems that our log fil

Re: [Clamav-users] Source code for test/clam.exe?

2007-12-24 Thread Dennis Peterson
Cort, Tom wrote: > Hello, > > clamav comes with a sample virus (ClamAV-Test-File) for testing > purposes. It's located in the clamav source tarball in the 'test' > directory and named 'clam.exe'. I'd like to distribute it with a free > software program I maintain, but I can't find the correspondin

Re: [Clamav-users] FOUND problem

2007-12-25 Thread Dennis Peterson
JF wrote: > > > > Could someone, or a few people, tell me what this is > about, and the steps to take to remove them, if possible with the > commands, so that I don't struggle too much doing the wrong thing Hello JF, the files are test files. They must

Re: [Clamav-users] out of date but up to date???

2007-12-29 Thread Dennis Peterson
john wrote: >>> ha >>> clamav-milter -V >>> ClamAV version 0.88.7, clamav-milter version 0.88.7 >>> >>> however when I try to configure with --enable-milter on the new version >>> 0.92 >>> I get: >>> configure: error: Cannot find libmilter >>> >>> any idea where I can find it? >> In the libmilter p

Re: [Clamav-users] Email viruses almost non-existent?

2007-12-31 Thread Dennis Peterson
Paul Kosinski wrote: > In reply to various responses: > > We haven't reconfigured our local or domain Postfix mail servers > recently to do graylisting etc., but in April we moved from a shared > Web host to a dedicated computer for our domain (iment.com). At that > time, we installed a what was p

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an idiot, and you don't even know it)

2008-01-02 Thread Dennis Peterson
David F. Skoll wrote: > I think we all need to calm down. > > "Vulnerability" #1: Yes, cli_gentemp has a theoretical race condition. > Is it theoretically exploitable? Sure. Is it *likely* to be exploited > in the real world? No. You have to guess 128 bits of mildly-good random > data. That's

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an idiot, and you don't even know it)

2008-01-02 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: > >> Does any admin actually run this stuff without setting the temp >> directory ahead of time? > > I bet the vast majority do. I don't include Linux babies in that... > >> This problem is as old as Unix

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an idiot, and you don't even know it)

2008-01-02 Thread Dennis Peterson
David F. Skoll wrote: > Dennis Peterson wrote: >>>> Does any admin actually run this stuff without setting the temp >>>> directory ahead of time? >>> I bet the vast majority do. > >> I don't include Linux babies in that... > > :-) >

Re: [Clamav-users] Failure to detect first time

2008-01-03 Thread Dennis Peterson
Phil Chambers wrote: > > I was not aware that there was any way to get clamd to do anything other than > check the content of messages. The Sanesecurity signatures are just a set of > phishing and scam signatures for ClamAV which are used in addition to the > standard ClamAV ones. > > Given

Re: [Clamav-users] Private /tmp (was Re: Clam bugs/vulns...)

2008-01-03 Thread Dennis Peterson
David F. Skoll wrote: > Bowie Bailey wrote: > >> Then this may be something that could use some explanation. > >> Exactly what temp dir setting are you referring to and why should it be >> changed? > > Many (but not all) UNIX programs respect an environment variable > called TMPDIR that specifie

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an idiot, and you don't even know it)

2008-01-03 Thread Dennis Peterson
Rob MacGregor wrote: > On Jan 3, 2008 3:09 PM, Bowie Bailey <[EMAIL PROTECTED]> wrote: >> Then this may be something that could use some explanation. >> >> Exactly what temp dir setting are you referring to and why should it be >> changed? > > If the environment variable TMPDIR is defined then wel

Re: [Clamav-users] sigtool and phishing

2008-01-03 Thread Dennis Peterson
FM wrote: > hello, > I have lots of false positives with clamav phishing detection. > What is the correct way to remove these rules using sigtool? From a recent post: > You can disable the heuristics-based phish checks without > disabling the signature-based checks. Both the official > clama

Re: [Clamav-users] Clam bugs/vulns (was Re: Tomasz, you're an idiot, and you don't even know it)

2008-01-03 Thread Dennis Peterson
Rob MacGregor wrote: > On Jan 3, 2008 4:09 PM, Dennis Peterson <[EMAIL PROTECTED]> wrote: >> The success of this requires a bit of serendipity as well. If for reasons of >> convenience the new TMPDIR is globally writeable then nothing has been >> accomplished >

Re: [Clamav-users] Tomasz, ...

2008-01-07 Thread Dennis Peterson
Jose-Marcio Martins da Cruz wrote: > Gregory Carter wrote: >> I totally agree, but I think after you pointed out 4(a), all the other >> issues cited simply makes further discussion pedantic. > > Well, I'd like to add a remark. The discussion about all these issues > isn't pedantic, as long as...

Re: [Clamav-users] Failure to detect first time

2008-01-08 Thread Dennis Peterson
Phil Chambers wrote: > > How do I go about diagnosing this? Do you have log information showing that both messages followed the same path to your AV tool, beginning at port 25 of your inbound MTA? dp

Re: [Clamav-users] EMLINK error in Solaris 10 .. in this case i DoS myself

2008-01-12 Thread Dennis Peterson
Daniel Garcia Bruno wrote: > Hi everybody, > First of all thanks a million for the work of the ClamAV team! > > I've been using it for a few years now ... but it is the first time I see > this problem after a Linux -> Solaris 10 mail servers migration : > SunOS dl380 5.10 Generic_127112-06 i86pc i
